Internet Small Computer System Interface (iSCSI) is a SCSI transport protocol for mapping block-oriented storage data over TCP/IP (Transmission Control Protocol/Internet Protocol) networks. iSCSI builds on two widely used technologies—SCSI commands for storage and IP protocols for networking. By carrying SCSI commands over IP networks, iSCSI is used to facilitate data transfers over intranets and to manage storage over long distances. The iSCSI protocol enables universal access to storage devices and storage area networks (SANs). These networks may be dedicated networks or may be shared with traditional Ethernet applications.
The iSCSI standard defines a lightweight discovery mechanism using the SendTargets text command and discovery sessions. When the SendTargets text command is used with the “All” option in a discovery session opened on the iSCSI network entity, the iSCSI network entity is required to return a list of all targets on the network entity and all of the portal groups associated with each target. In an open IP network, this information may provide potential attackers with significant information about what may be stored on the iSCSI network entity. Additionally, even if no information is exposed by target names, the reported portal information may be used by potential attackers to mount denial-of-service attacks against the IP addresses on the network entity.
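To make the disclosure concrete, the following added example (not part of the original text) parses the text data of a SendTargets=All response and summarizes what a discovery peer learns from it. It assumes the NUL-separated `TargetName`/`TargetAddress` key=value format of RFC 7143; the sample response, IQNs and addresses are constructed, and the function names are hypothetical.

```python
# Constructed sample: text data segment of a SendTargets=All response as
# NUL-terminated key=value pairs. All names and addresses are made up.
SAMPLE_RESPONSE = (
    b"TargetName=iqn.2001-04.com.example:finance.db-backup\x00"
    b"TargetAddress=192.0.2.10:3260,1\x00"
    b"TargetAddress=192.0.2.11:3260,2\x00"
    b"TargetName=iqn.2001-04.com.example:hr.payroll\x00"
    b"TargetAddress=[2001:db8::5]:3260,1\x00"
    b"TargetName=iqn.2001-04.com.example:scratch\x00"
)


def split_portal(value: str) -> tuple:
    """Split 'host[:port][,tag]'; IPv6 hosts are bracketed, port defaults to 3260."""
    hostport, _, tag = value.partition(",")
    if hostport.startswith("["):
        host, _, rest = hostport[1:].partition("]")
        port = rest.lstrip(":")
    else:
        host, _, port = hostport.partition(":")
    return host, int(port or 3260), int(tag) if tag else None


def parse_sendtargets(data: bytes) -> dict:
    """Map each TargetName to its list of (host, port, portal group tag)."""
    targets = {}
    current = None
    for pair in data.split(b"\x00"):
        if not pair:
            continue  # trailing NUL or padding
        key, sep, value = pair.decode("utf-8").partition("=")
        if not sep:
            raise ValueError(f"malformed text pair: {pair!r}")
        if key == "TargetName":
            current = targets.setdefault(value, [])
        elif key == "TargetAddress":
            if current is None:
                raise ValueError("TargetAddress before any TargetName")
            current.append(split_portal(value))
    return targets


def exposure_summary(targets: dict) -> dict:
    """What a discovery peer learns: descriptive names and reachable hosts."""
    hosts = sorted({h for portals in targets.values() for h, _, _ in portals})
    return {"target_names": sorted(targets), "portal_hosts": hosts}
```

Running `exposure_summary(parse_sendtargets(...))` over a capture from your own target shows both leak classes the paragraph names: target names that hint at stored content, and the portal IP addresses behind them.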
The iSCSI protocol may also use other ancillary protocols to support its operation. Some of these protocols, such as ICMP (Internet Control Message Protocol), SLP (Service Location Protocol), iSNS (Internet Storage Name Service), and SNMP (Simple Network Management Protocol), are not required for all installations or may only be required during system configuration. However, if the unneeded protocols are left in an enabled state, they may be used by potential attackers to mount denial-of-service attacks on the network entity.
Thus, it would be desirable to provide a method and apparatus for providing iSCSI target stealth operation without compromising standard iSCSI target function. Such a method and apparatus may allow an iSCSI storage device to be secured for discovery and to avoid denial-of-service attacks on certain supporting network services.